We Listen. We Advise. We Deliver What Matters.

Website Privacy & Data Policy

1. Introduction

Atlas Agni Taj ("we", "us", "our") is a global enterprise transformation and advisory consultancy with offices in the United Kingdom, the United Arab Emirates, the Kingdom of Saudi Arabia, and India. This Privacy & Data Policy explains how we collect, use, share, and protect personal data when you visit our website at atlasagnitaj.com (the "Website"), contact us, subscribe to our insights, or otherwise interact with us online.

We are committed to handling personal data lawfully, fairly, and transparently, in accordance with the data protection laws applicable in each jurisdiction where we operate, including:

  • The UK General Data Protection Regulation and Data Protection Act 2018 (United Kingdom)
  • The EU General Data Protection Regulation (GDPR), where we serve clients in the European Economic Area
  • UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL)
  • The Personal Data Protection Law of the Kingdom of Saudi Arabia (KSA PDPL)
  • The Digital Personal Data Protection Act, 2023 (India DPDP Act)

Where these laws differ, we apply the standard that provides the strongest protection reasonably applicable to your data.

2. Who We Are (Data Controller)

The data controller responsible for personal data collected through this Website is [LEGAL ENTITY NAME], registered at [REGISTERED ADDRESS].

For all privacy enquiries, you can contact us at [PRIVACY CONTACT EMAIL].

Internal Review Quality Directive

Note for internal review: the privacy contact email must not be published until inbound email delivery is confirmed as working. A privacy contact that bounces is itself a compliance failure.

3. Personal Data We Collect

We collect personal data in the following ways when you use the Website:

Category Examples How it is collected
Identity & contact data Name, job title, organisation, email address, phone number Contact forms, enquiry emails, newsletter sign-up, event registrations
Professional data Company, sector, role, nature of enquiry, project context you share with us Enquiry forms and correspondence
Technical data IP address, browser type and version, device type, operating system, referral source Automatically, via server logs and analytics
Usage data Pages visited, time on page, navigation paths, downloads of our insights and documents Analytics cookies and similar technologies
Marketing preferences Subscription status, communication preferences, engagement with our emails Newsletter sign-up and email interactions
Recruitment data CV, work history, qualifications (if you apply for a role or register interest) Direct submission by you

We do not intentionally collect special category data (such as health, religious, or biometric data) through the Website, and we ask that you do not submit such data via our forms.

4. How and Why We Use Your Data

We use personal data only where we have a lawful basis to do so. The table below sets out our purposes and the corresponding legal bases under UK/EU GDPR (equivalent bases apply under the UAE PDPL, KSA PDPL, and India DPDP Act, which are consent-centric; where those laws require consent, we rely on your consent).

Purpose Data used Legal basis (UK/EU GDPR)
Responding to enquiries and providing information about our services Identity, contact, professional data Legitimate interests; steps prior to entering a contract
Delivering advisory and transformation services to clients Identity, contact, professional data Performance of a contract
Sending insights, thought leadership, and marketing communications Identity, contact, marketing preferences Consent (opt-in); legitimate interests for existing clients, with opt-out
Operating, securing, and improving the Website Technical, usage data Legitimate interests
Analytics and performance measurement Technical, usage data Consent (analytics cookies)
Recruitment and talent pooling Recruitment data Steps prior to entering a contract; legitimate interests
Complying with legal and regulatory obligations As required Legal obligation

5. Cookies and Analytics

The Website uses cookies and similar technologies. Cookies are small text files placed on your device. We use:

  • Strictly necessary cookies — required for the Website to function (e.g., security, load balancing). These do not require consent.
  • Analytics cookies — we use Google Analytics 4 (GA4) to understand how visitors use the Website. GA4 collects pseudonymised usage data, including truncated IP addresses. Analytics cookies are set only with your consent.
  • Functionality cookies — remember your preferences, such as cookie consent choices.

You can withdraw or change your cookie consent at any time via the cookie settings link on the Website, and you can also control cookies through your browser settings. Refusing analytics cookies does not affect your ability to use the Website.

Implementation technical note: A consent management banner must be live on the Website before analytics cookies fire. This should be included in the freelancer scope.

6. Who We Share Data With

We do not sell personal data. We share personal data only with:

  • Service providers (processors) — including our website hosting provider (Hostinger), email service providers, analytics providers (Google), and IT support. These providers act on our instructions under contractual data protection obligations.
  • Professional advisers — lawyers, accountants, auditors, and insurers where necessary.
  • Contractors and delivery partners — carefully selected freelancers and consultants engaged on our behalf, bound by confidentiality and data protection terms.
  • Regulators and authorities — where disclosure is required by law, regulation, or court order.
  • Business transfers — in the event of a merger, acquisition, or restructuring, subject to appropriate safeguards.

7. International Data Transfers

Because we operate across the United Kingdom, the UAE, Saudi Arabia, and India, personal data may be transferred between our offices and to service providers located outside your home jurisdiction. Where we transfer personal data internationally, we apply appropriate safeguards, which may include:

  • UK International Data Transfer Agreements (IDTA) or the UK Addendum to the EU Standard Contractual Clauses
  • EU Standard Contractual Clauses (SCCs) for transfers of EEA data
  • Transfer mechanisms and adequacy assessments required under the UAE PDPL and KSA PDPL, including regulator-approved contractual clauses where applicable
  • Compliance with any transfer restrictions notified under the India DPDP Act

Details of the safeguards applied to a specific transfer are available on request via our privacy contact.

8. How Long We Keep Data

We retain personal data only as long as necessary for the purposes described in this policy, then delete or anonymise it. Our standard retention periods are:

Data type Retention period
Website enquiries that do not lead to an engagement 24 months from last contact
Client engagement records Duration of engagement plus 7 years (legal and regulatory requirements)
Newsletter subscriptions Until you unsubscribe, plus a suppression record to honour your opt-out
Analytics data (GA4) 14 months (GA4 standard retention setting)
Recruitment data (unsuccessful applications) 12 months, unless you consent to longer talent-pool retention
Server and security logs Up to 12 months

9. How We Protect Your Data

We apply technical and organisational measures appropriate to the risk, including encryption of data in transit (TLS/HTTPS), access controls on a need-to-know basis, secure hosting arrangements, and periodic review of our website security posture. No internet transmission is completely secure, but we take reasonable steps to protect personal data against unauthorised access, alteration, disclosure, or destruction, and we maintain procedures for identifying and responding to personal data breaches, including notification to regulators and affected individuals where legally required.

10. Your Rights

Depending on your jurisdiction, you have rights over your personal data. We honour these rights wherever they apply:

Right What it means
Access Request a copy of the personal data we hold about you
Rectification / correction Ask us to correct inaccurate or incomplete data
Erasure / deletion Ask us to delete your data where there is no lawful basis to retain it
Restriction Ask us to limit how we use your data in certain circumstances
Objection Object to processing based on legitimate interests, including direct marketing
Portability Receive your data in a structured, machine-readable format
Withdraw consent Withdraw consent at any time where processing is based on consent, without affecting prior processing
Grievance redressal (India) Raise a grievance with our designated contact, and escalate to the Data Protection Board of India if unresolved
Complain to a regulator Lodge a complaint with your supervisory authority — the ICO (UK), the UAE Data Office, SDAIA (Saudi Arabia), or the Data Protection Board of India

To exercise any of these rights, contact us at [PRIVACY CONTACT EMAIL]. We will respond within the timeframe required by applicable law (one month under UK/EU GDPR, subject to extension for complex requests). We may need to verify your identity before acting on a request.

11. Children

The Website is directed at business professionals and is not intended for children. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Third-Party Links

The Website may link to third-party websites, including social media platforms and industry resources. We are not responsible for the privacy practices of those sites, and we encourage you to review their privacy policies.

13. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices, technology, or legal requirements. The current version will always be available on the Website with its effective date. Material changes will be highlighted on the Website or notified to subscribers where appropriate.

14. Contact Us